views:

671

answers:

12

I'd like to simulate a file without writing it on disk. I have a file at the end of my executable and I would like to give its path to a dll. Of course since it doesn't have a real path, I have to fake it.

I first tried using named pipes under Windows to do it. That would allow for a path like \\.\pipe\mymemoryfile but I can't make it works, and I'm not sure the dll would support a path like this.

Second, I found CreateFileMapping and GetMappedFileName. Can they be used to simulate a file in a fragment of another ? I'm not sure this is what this API does.

What I'm trying to do seems similar to boxedapp. Any ideas about how they do it ? I suppose it's something like API interception (Like Detour ), but that would be a lot of work. Is there another way to do it ?

Why ? I'm interested in this specific solution because I'd like to hide the data and for the benefit of distributing only one file but also for geeky reasons of making it works that way ;) I agree that copying data to a temporary file would work and be a much easier solution.

A: 

Dear Emmanuel, Why You Do not use IsolatedStorage ?

Nasser Hadjloo
Didn't know about it but it is .NET only isn't it ? I need a native solution.
Emmanuel Caradec
+3  A: 

Pipes are for communication between processes running concurrently. They don't store data for later access, and they don't have the same semantics as files (you can't seek or rewind a pipe, for instance).

If you're after file-like behaviour, your best bet will always be to use a file. Under Windows, you can pass FILE_ATTRIBUTE_TEMPORARY to CreateFile as a hint to the system to avoid flushing data to disk if there's sufficient memory.

If you're worried about the performance hit of writing to disk, the above should be sufficient to avoid the performance impact in most cases. (If the system is low enough on memory to force the file data out to disk, it's probably also swapping heavily anyway -- you've already got a performance problem.)

If you're trying to avoid writing to disk for some other reason, can you explain why? In general, it's quite hard to stop data from ever hitting the disk -- the user can always hibernate the machine, for instance.

Stephen Veiss
The files will be embedded directly in the .exe but the dll only accept a path as an input (it can't load from an istream or something like this )
Emmanuel Caradec
+3  A: 

Since you don't have control over the DLL you have to assume that the DLL expects an actual file. It probably at some point makes that assumption which is why named pipes are failing on you.

The simplest solution is to create a temporary file in the temp directory, write the data from your EXE to the temp file and then delete the temporary file.

Is there a reason you are embedding this "pseudo-file" at the end of your EXE instead of just distributing it with our application? You are obviously already distributing this third party DLL with your application so one more file doesn't seem like it is going to hurt you?

Another question, will this data be changing? That is are you expecting to write back data this "pseudo-file" in your EXE? I don't think that will work well. Standard users may not have write access to the EXE and that would probably drive anti-virus nuts.

And no CreateFileMapping and GetMappedFileName definitely won't work since they don't give you a file name that can be passed to CreateFile. If you could somehow get this DLL to accept a HANDLE then that would work.

And I wouldn't even bother with API interception. Just hand the DLL a path to an acutal file.

shf301
+1  A: 

Reading your question made me think: if you can pretend an area of memory is a file and have kind of "virtual path" to it, then this would allow loading a DLL directly from memory which is what LoadLibrary forbids by design by asking for a path name. And this is why people write their own PE loader when they want to achieve that.

I would say you can't achieve what you want with file mapping: the purpose of file mapping is to treat a portion of a file as if it was physical memory, and you're wanting the reciprocal.

Using Detours implies that you would have to replicate everything the intercepted DLL function does except from obtaining data from a real file; hence it's not generic. Or, even more intricate, let's pretend the DLL uses fopen; then you provide your own fopen that detects a special pattern in the path and you mimmic the C runtime internals... Hmm is it really worth all the pain? :D

Gregory Pakosz
since c runtime is a facade for w32 functions, I wouldn't need to override every function that uses file, but the low level one.
Emmanuel Caradec
+1  A: 

How about using a some sort of RamDisk and writing the file to this disk? I have tried some ramdisks myself, though never found a good one, tell me if you are successful.

David
A: 

Well, if you need to have the virtual file allocated in your exe, you will need to create a vector, stream or char array big enough to hold all of the virtual data you want to write.

that is the only solution I can think of without doing any I/O to disk (even if you don't write to file).

If you need to keep a file like path syntax, just write a class that mimics that behaviour and instead of writing to a file write to your memory buffer. It's as simple as it gets. Remember KISS.

Cheers

Andre
+1  A: 

Please explain why you can't extract the data from your EXE and write it to a temporary file. Many applications do this -- it's the classic solution to this problem.

If you really must provide a "virtual file", the cleanest solution is probably a filesystem filter driver. "clean" doesn't mean "good" -- a filter is a fully documented and supported solution, so it's cleaner than API hooking, injection, etc. However, filesystem filters are not easy.

OSR Online is the best place to find Windows filesystem information. The NTFSD mailing list is where filesystem developers hang out.

jpm42
+3  A: 

You can store the data in an NTFS stream. That way you can get a real path pointing to your data that you can give to your dll in the form of

x:\myfile.exe:mystreamname

This works precisely like a normal file, however it only works if the file system used is NTFS. This is standard under Windows nowadays, but is of course not an option if you want to support older systems or would like to be able to run this from a usb-stick or similar. Note that any streams present in a file will be lost if the file is sent as an attachment in mail or simply copied from a NTFS partition to a FAT32 partition.

I'd say that the most compatible way would be to write your data to an actual file, but you can of course do it one way on NTFS systems and another on FAT systems. I do recommend against it because of the added complexity. The appropriate way would be to distribute your files separately of course, but since you've indicated that you don't want this, you should in that case write it to a temporary file and give the dll the path to that file. Make sure you write the temporary file to the users' temp directory (you can find the path using GetTempPath in C/C++).

Your other option would be to write a filesystem filter driver, but that is a road that I strongly advise against. That sort of defeats the purpose of using a single file as well...

Also, in case you want only a single file for distribution, how about using a zip file or an installer?

villintehaspam
And how exactly do you distribute the file? I would say zipping or copying the exe would make the NTFS stream vanish?
Gregory Pakosz
@Gregory: Yes. The use case isn't really clear in the question, but I agree that using streams may very well not be an option for the OP - hopefully this is also clearly indicated in my answer. The main point I'm trying to hammer home in the answer is that using an actual file is the best option.
villintehaspam
This is a very interesting idea. Too bad it only works on ntfs. As there is no perfect answer, this one is the best.
Emmanuel Caradec
+1  A: 

Open the file called "NUL:" for writing. It's writable, but the data are silently discarded. Kinda like /dev/null of *nix fame.

You cannot memory-map it though. Memory-mapping implies read/write access, and NUL is write-only.

Seva Alekseyev
+1  A: 

I'm guessing that this dll cant take a stream? Its almost to simple to ask BUT if it can you could just use that.

Buttink
It is a dll that I do not own, neither do I have source code for it, it only has a loadfile api with a path. So I can't change this.
Emmanuel Caradec
A: 

Have you tried using the \?\ prefix when using named pipes? Many APIs support using \?\ to pass the remainder of the path directly through without any parsing/modification.

http://msdn.microsoft.com/en-us/library/aa365247(VS.85,lightweight).aspx

Computer Guru
A: 

Why not just add it as a resource - http://msdn.microsoft.com/en-us/library/7k989cfy(VS.80).aspx - the same way you would add an icon.

Klerk